---
id: common-oauth2-openid-connect-flows
title: Using Common OAuth2 and OpenID Connect Flows
---

## Authorize Code Flow with Refresh Token

The following command creates an OAuth 2.0 Client capable of executing the
Authorize Code Flow, requesting ID and Refresh Tokens and performing the OAuth
2.0 Refresh Grant:

```sh
hydra clients create \
    --endpoint http://ory-hydra:4445 \
    --id client-id \
    --secret client-secret \
    --grant-types authorization_code,refresh_token \
    --response-types code \
    --scope offline_access \
    --callbacks http://my-app.com/callback,http://my-other-app.com/callback
```

The OAuth 2.0 Client will be allowed to use values `http://my-app.com/callback`
and `http://my-other-app.com/callback` as `redirect_url`.

> It is expected that the OAuth 2.0 Client sends its credentials using HTTP
> Basic Authorization.

If you wish to send credentials in the POST Body, add the following flag to the
command above:

```
    --token-endpoint-auth-method client_secret_post \
```

The same can be achieved by setting
`"token_endpoint_auth_method": "client_secret_post"` in the request body of
`POST /clients` and `PUT /clients/<id>`.

To initiate the flow, redirect the user's browser to the OAuth2 Auth Code URL:

```html
<a
  href="https://ory-hydra:4444/oauth2/auth/?client_id=client-id&scope=offline_access&redirect_uri=http://my-app.com/callback"
>
  Connect with ...
</a>
```

## Client Credentials Flow

To create a client only capable of performing the OAuth 2.0 Client Credentials
flow, use:

```shell script
hydra clients create \
    --endpoint http://ory-hydra:4445 \
    --id my-client \
    --secret secret \
    -g client_credentials
```
